Fundamentals of Risk Management


Approaches to risk management


contains a significant amount of useful information on risk management tools and 
techniques. Many of the ideas and concepts presented in the Orange Book are referenced 
throughout this volume.
Some of the available standards were developed by risk management professionals
whilst others were developed by accountants or auditors. There are three distinct 
approaches followed in the various standards:
• ‘risk management’ approach, followed by ISO 31000, British Standard
  BS 31100 and the IRM Standard;
• ‘internal control’ approach, developed by COSO Internal Control
  framework and by the FRC risk guidance;
• ‘risk-aware culture’ approach, developed by the Canadian Institute of
  Chartered Accountants, known as the CoCo framework.

Risk management process

A simple representation of the risk management process is provided by Figure 4.1 
and a similar process is contained in all of the established risk management standards. 
Many of the standards distinguish between the risk management process and the 
framework that implements and supports the process. However, this distinction is 
not always clear in many of the established risk management standards/frameworks.
The best-established risk management approaches are the IRM Standard, ISO 
31000, BS 31100, and the COSO ERM framework. All four provide a description of 
a risk management framework, but more emphasis is placed on the risk management 
process in the IRM Standard, ISO 31000 and BS 31100. The COSO approach does 
not provide the same clear distinction between the framework and the risk
management process itself and is mainly concerned with framework considerations.
Several countries have developed their own internal control and risk management 
standards as part of their requirements for being listed on a stock exchange. Typically, 
these are frameworks similar to COSO Internal Control in approach, and this is 
certainly the case with the current FRC risk guidance requirements that exist in
the UK.
Although there are many ways of representing the risk management process, the 
basic steps are all similar. There can be difficulties with the terminology that is used 
to describe the various steps, and Appendix B provides definitions of basic terms,
as well as cross-referencing the different terminologies that can be used. Appendix C 
describes the stages involved in achieving successful risk management and this is 
structured in a plan–implement–measure–learn (PIML) format. This is very similar 
to the plan–do–check–act format followed in several international standards and often 
referred to as PDCA. PIML is intended to indicate a more structured and analytical 
approach.


